tequilaOS/platform_build
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_build/target/product/security/Android.bp
Hunter Knepshield 06353ef218 Create a new certificate for 2021 CTS UICCs. 
This certificate will be used to enforce a clean break between "old" CTS
UICCs and new ones. The new UICCs will have hardware support for new
calculations that the old ones aren't capable of.

Old certificate:
./testkey.x509.pem
SHA-1: 61:ED:37:7E:85:D3:86:A8:DF:EE:6B:86:4B:D8:5B:0B:FA:A5:AF:81
SHA-256: A4:0D:A8:0A:59:D1:70:CA:A9:50:CF:15:C1:8C:45:4D:47:A3:9B:26:98:9D:8B:64:0E:CD:74:5B:A7:1B:F5:DC

New certificate:
./cts_uicc_2021.x509.pem
SHA-1: 06:97:71:39:21:E8:65:D0:1C:45:C4:A8:8D:45:7A:9D:96:F4:39:27
SHA-256: CE:7B:2B:47:AE:2B:75:52:C8:F9:2C:C2:91:24:27:98:83:04:1F:B6:23:A5:F1:94:A8:2C:9B:F1:5D:49:2A:A0

We won't yet submit the change to switch the signature of
CtsCarrierApiTestCases, as that will introduce downstream presubmit and
postsubmit failures until the new hardware is available for device labs.

Bug: 178419755
Test: temporarily switch CtsCarrierApiTestCases to be signed with
cts-uicc-2021-testkey, ensure:
  - Suite fails on a device with the old CTS SIM due to lack of carrier
  privileges
  - Suite passes with updated cuttlefish modem simulator ARF content

Change-Id: I7598426bd3e4db90a8f0d8d80ea03468fb30f876
2021-04-14 14:11:49 -07:00

31 lines
977 B
Text
Raw Blame History

// AOSP test certificate
package {
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "build_make_license"
// to get the below license kinds:
// legacy_restricted
default_applicable_licenses: ["build_make_license"],
}
android_app_certificate {
name: "aosp-testkey",
certificate: "testkey",
}
// Certificate for CTS tests that rely on UICC hardware conforming to the
// updated CTS UICC card specification introduced in 2021. See
// //cts/tests/tests/carrierapi/Android.bp for more details.
android_app_certificate {
name: "cts-uicc-2021-testkey",
certificate: "cts_uicc_2021",
}
// Google-owned certificate for CTS testing, since we can't trust arbitrary keys
// on release devices.
prebuilt_etc {
name: "fsverity-release-cert-der",
src: "fsverity-release.x509.der",
sub_dir: "security/fsverity",
filename_from_src: true,
}
Reference in a new issue View git blame Copy permalink